Managing Privacy and Cybersecurity in a New Era of Consumer Data Protection

Managing Privacy and Cybersecurity in a New Era of Consumer Data Protection

By Dov Slansky
May 20, 2022 | 7-minute read
Technology Management Website Management Analytics and SEO Communications Software and Platforms Customer Relationship Management (CRM) Content Type Article
Share this story

From recent Android and Apple iOS changes helping thwart advertisers to the now notorious practice of “cookie-ing” users who land on a website, privacy concerns and conversations are once again at the forefront of the industry. Depending on your preference, you may love this new era of protection or hate it. Either way, there’s no going back — compliance is a must.

So how can law firms incorporate these standards into their overall technology and security plan while remaining nimble to the ever-evolving compliance requirements? With his strong legal technology background, Litify Vice President of Solution Engineering Dov Slansky weighs in below. Prior to co-founding Litify, Dov was an attorney at several mass tort law firms where he oversaw some of the largest dockets of hip replacement, surgical mesh and blood thinner caseloads. Dov subsequently led a technology and operations team at Morgan & Morgan, the nation's largest consumer law firm. He's also a frequent speaker on topics ranging from law firm best practices for growth and technology to case strategies and litigation.

Law firms have become increasingly data-driven. What types of data are most affected by the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and other data privacy regulations?

All client data can be covered under these regulations; they cover any personal data and it extends outside the borders of the state or country that the law covers. U.S. firms are affected by GDPR and non-California firms by CCPA, for example. This is important to realize since firms are starting to collect, and want to retain long term, more and more data.

It becomes even more important when you factor in that this data is likely to be stored in a cloud environment, so you now need to manage where the data is actually being held to ensure that you don't run afoul of these regulations. This can make it difficult to collect the data you want because the safeguards around these acts can be somewhat onerous and the penalties severe.

How can firms ensure they are marketing to the right audiences and delivering personalized experiences with more limited data?

First and foremost, take the time to understand your objective, and focus on the outcome behind an initiative or project. This will keep you from being overbroad in your approach.

Segmentation is your friend. For instance, if you want to attract new clients in a specific region or in a specific practice area, focus on the benefit you will achieve from bringing those clients in. Will that geographic area pay off enough to outweigh both the real costs of compliance, as well as the perceived costs and potential penalties for non-compliance? Will that practice area bring you the business you want? Or is the juice not worth the squeeze to bring in one additional client that will open up a raft of exposure to these new regulations where you may not be exposed today?

I don't think you need to limit the data that you collect necessarily. You just need to be specific and targeted with what you want and ensure that those benefits outweigh the risks. This is an area where marketing and business development can work hand in hand with attorneys and your CIO/CISO to ensure that the growth initiative of the firm is being carried out in the best way.

Android and Apple have recently introduced significant policy changes around opting in versus opting out. What are some best practices on how to handle these changes?

While not definitive, it seems that marketers are adjusting quite well to the recent policy changes made by Apple and Google. We all still see Facebook and Instagram ads and marketers still see them as great channels for reaching people. Ultimately, the “death of mobile advertising” isn’t here yet, it just needs to evolve to work with less data.

From my perspective, I only see these changes as a positive for our industry. They end up protecting the privacy of our own clients as the end users of this opt-in/-out policy. Anything that results in increased privacy or preference management for the end user is hard for me to see as a negative.

From a business standpoint, it does make it harder to track users across the web. However, we haven’t seen a decrease in advertising. What is happening is that marketers are adjusting to the amount of data they are receiving and adjusting their strategies going forward. I believe the proof is in the pudding when it comes to privacy being the right stance. The companies that were serving ads before haven’t decreased serving those ads now, which means working within the restricted set of data is fine — and they may have actually had too much to begin with!

With less data being available to them from a tracking standpoint, they just have to better focus their ad buys and ensure the more limited targeting they’re doing is working as effectively as possible.

Anything that results in increased privacy or preference management for the end user is hard for me to see as a negative.

How can legal marketers use analytics and automation to reduce the impact of privacy regulations on their ROI and strategy?

This is a wake-up call to ensure you are serving up high-value content. If you are, then your users will be engaged with you and want to have a conversation. Once that happens, you are outside of the land that is governed by the Facebook pixel and you have a real prospective client who is engaged with your business on your turf, so to speak. I’d encourage everyone to take a closer look at what they’re putting out to ensure it’s relevant, high-quality and will drive engagement from their respective communities.

From a marketing technology perspective, you also want to be sure that all the technology platforms you’re using are compliant. At Litify, our software is built on Salesforce, which is well-known for being both GDPR and CCPA compliant, as well as being highly secure against security breaches, so we’re especially sensitive to this. Think about those tools and ensure you choose solutions that are robust enough to fit your marketing needs, while giving you the privacy and security measures you desire.

How can marketers stay ahead of rapidly evolving data privacy laws?

Join a trade group, read articles, develop new ideas and come to industry events. Here’s a few of my personal favorites:

  • Legal trade groups like the International Legal Technology Association (ILTA) are great for keeping on top of broad security issues. They are also great ways to develop a peer network to ensure you have support and can obtain clarity from other like-minded folks when something changes and you need to adapt.
  • Krebs on Security is another general purpose blog to read that covers all manners of security. They don’t just cover the legal sector, but also provide good coverage of data breaches and bad actors.
  • The Legal Marketing Association (LMA), which is specific to the strategies and tactics of legal marketing to ensure your practices remain up to date and compliant.

At the end of the day, you can also ask your clients. You’re already working with the people who make and interpret these laws, and they’ll know them better than anyone else.

Key Takeaways

We’re in a new era of consumer protection, and the legal industry will need to evolve its practices in response. How can professionals keep up?

  • Ask questions: You’re not alone if you feel like you don’t know everything. Utilize your firm’s privacy professionals, your clients and industry forums to get insight into compliance and best practices.
  • Use best-in-class technology: Your solution of choice should always be up to date so you can take advantage of the latest privacy and cybersecurity measures. In addition, the alphabet soup of technology certifications can be daunting. You can always check out what other customers or verticals a platform serves to know if those meet your needs, as they can also be an indicator of acceptable risk.
  • Push the envelope when it comes to securing client data: It’s always better to be a step ahead rather than a step behind when it comes to protecting this critical information.
  • Be the best you can be — and teach your team to do the same: Best-in-class technology is critical, but it’s ultimately up to you to ensure your teams are complying.

Dov Slansky

Dov Slansky is an accomplished attorney and a co-founder and senior vice president of legal strategy at Litify. He is a Hofstra Law grad and prior to being a co-founder of Litify, he was an attorney at several mass tort law firms in the New York area as well as the leader of a technology and operations team at Morgan & Morgan. Dov is a consumer law firm growth expert and a frequent speaker about law firm best practices for growth. He has appeared on panels and solo presentations ranging from marketing and technology to case strategies and litigation.